Malicious Code

My hosting today sent me warrning

{CAV}PUA.SecuriteInfo.com.JS.
Redirect.Gen :
/var/www/vhosts/XXX.com/httpdocs/XXX/app/payments/emerchantpay.php
{CAV}PUA.SecuriteInfo.com.JS.Redirect.Gen :
/var/www/vhosts/XXX.com/httpdocs/payments/emerchantpay.php

Version 4 2 1

If I read this correctly, it is saying that it does a redirect. Many payment systems redirect to the parent site.

Do you use this payment method? Can your hosting dial up the diagnostic level to give more detail?

I am not using this payment method. Nor use this website, it was just testing environment. Also code looks clean with nothing strange.

If I read this correctly, it is saying that it does a redirect. Many payment systems redirect to the parent site.

Do you use this payment method? Can your hosting dial up the diagnostic level to give more detail?

A lot of these code detection algorithms will generate false positives.

I had hoped that by now, cs-cart would have created an installer for payment methods similar to addons. There's not need to carry all payment providers as operational in the system. Of the 50+ providers, most people use 1 or 2.

We've seen this one as a false positive as well. If their scanner is using a Bayesian detection scheme it flags it. You will get this on shared hosts since your only as stable as the worst tenant on the server.

Ask them to white list that file or the directory if you do not want to get things like this.